3/7/2018 


What's actually happening when a cryptocurrency gets hacked? 



Home / Law Scribbler / What's actually happening when a cryptocurrency... 


LAW SCRIBBLER 

What's actually happening when a cryptocurrency 
gets hacked? 

BY JASON TASHEA (http://WWW.ABAJOURNAL.COM/AUTHORS/64729/) 


POSTED FEBRUARY 28, 2018, 12:32 PM CST 


Like 10 


Share 

Tweet 

Share 

submit 




Jason Tashea 


In late January, the Japanese 
cryptocurrency exchange 
Coincheck was hacked, costing 
260,000 users over $530 million in 
NEM, a cryptocurrency similar to 
bitcoin. This is the largest hack of 
its kind, but not the first. The 
previous record holder for largest 
crypto-heist was Mt. Gox, another 
exchange that saw $450 million in 
bitcoin stolen in 2014 leading to 
civil and criminal actions. 

With cryptocurrency 
hacks in the headlines, 
the takeaway for many 
has been that blockchain, 
cryptocurrency’s 
underlying software 
protocol, is the 
vulnerability. As one high 


http://www.abajournal.com/lawscribbler/article/whats_actually_happening_when_a_cryptocurrency_gets_hacked 


1/3 











3/7/2018 


What's actually happening when a cryptocurrency gets hacked? 


school friend posted 

recently: “If blockchain is so revolutionary, then how is it so easy to get hacked 
and lose your coins?” 

A question that prompts a teachable moment. 

The Coincheck and Mt. Gox hacks did not compromise the blockchain protocol 
underpinning the individual currency’s security. The hack occurred to a third-party 
exchange, a place to hold and trade cryptocurrency, like a digital bank robbery. 
So, while the money is gone, the currency’s blockchain is intact. 

In fact, it is rare that a blockchain protocol is the vulnerability that leads to a 
cryptocurrency hack. Blockchain Graveyard, an aggregator of information 
pertaining to cryptocurrency hacks, reports (https://magoo.github.io/Blockchain-Graveyard/) that 
in only three of the 51 incidents they analyzed was the protocol the root cause. 

See also: Blockchain-based initial coin offerings chart uncertain legal 

terrain (http://www.abajournal.com/magazine/article/blockchain_initial_coin_offerings_legal) 


Even though blockchain is built in a way to be extremely difficult to hack, it is 
clear that cryptocurrencies are not without their security risks. Chainalysis, a 
bitcoin forensics company, reports (https://biog.chainaiysis.com/crypto-crime/) that hacks and 
scams cost people $95 million in bitcoin in 2016, up from $3 million in 2013. 

To better understand the security issues, it helps to know how cryptocurrency is 
created. 

Cryptocurrency, often called a token or coin, is created through a process called 
mining, the crypto-version of minting. Mining bitcoin, for example, requires high- 
powered computers to complete complicated math problems to create new 
bitcoins, each of which is denoted by a hash, like a unique serial number, within a 
block on a blockchain. 

Once created and on the blockchain, that bitcoin can be traded by its owner. To 
indicate ownership, the owner of the cryptocurrency has a private hash that pairs 
with the public hash, which is a type of two-factor authentication. Proof of 
ownership is public, however, since many people and organizations use 
pseudonymous names for their accounts, it may be difficult to know who actually 
owns what bitcoin. 

To be able to trade a bitcoin requires one of two things: significant technical 
know-how or a third-party to manage the trade of the virtual asset. As the 
popularity of cryptocurrency grew, users of the novel technology were less 


http://www.abajournal.com/lawscribbler/article/whats_actually_happening_when_a_cryptocurrency_gets_hacked 



3/7/2018 


What's actually happening when a cryptocurrency gets hacked? 


technically savvy, which 
created a business 
opportunity for 
“exchanges” and “wallets,” 
which aid users handling 
cryptocurrency. 

It is here that otherwise 
secure cryptocurrencies 
are being stolen through 
ABA Journal series: Cybersecurity and the law online exchanges’ and 

wallets’ security 

vulnerabilities, like in the case of Coincheck. 

In the same way that a local bank robbery does not compromise the U.S. Mint, a 
hack of a crypto-exchange does not mean a blockchain protocol is vulnerable. 
Unlike a robbed bank, however, an exchange does not fall under various banking 
and finance rules and policies that help keep your money secure. 

So, regardless of who is getting hacked, when buying cryptocurrency, it is best to 
remember: buyer beware. 




Copyright 2018 American Bar Association. All rights reserved. 


http://www.abajournal.com/lawscribbler/article/whats_actually_happening_when_a_cryptocurrency_gets_hacked 


3/3 






